sparkkitty

ChainCatcher news, today Kaspersky disclosed a new virus called SparkKitty, which specifically targets screenshots of cryptocurrency users' mnemonic phrases. It pointed out that the two applications identified by Kaspersky for spreading this malware are both related to cryptocurrency. One of them, named "Coin", disguised itself as a cryptocurrency information tracker and was once available on the App Store.Coin responded: acknowledging that it had integrated a third-party SDK provided by a trading platform, but the high-risk features related to photo album permissions and image uploads in that SDK were disabled from the beginning and were never activated or triggered, thus user data was not affected. The Coin technical team discovered suspicious behavior in the SDK that induced the activation of photo album permissions and photo uploads during testing, and subsequently blocked the upload function through the interface to ensure that potential risk features could not operate. Currently, Coin has initiated a comprehensive code security review and has committed to upgrading the review process for third-party SDKs and background checks for partners to prevent similar incidents from occurring again.

ChainCatcher news, according to Cointelegraph, Kaspersky has discovered a new virus named SparkKitty, specifically targeting iOS and Android cryptocurrency applications, stealing mnemonic phrase screenshots from users' photo albums. Affected applications include "Coin" on the App Store and the SOEX messaging app, which has over ten thousand downloads on Google Play.This virus originates from the same source as the previously discovered SparkCat, with active time tracing back to early 2024, primarily attacking users in Southeast Asia and China.